Hello,

> I have client application program in which I call the method
> "SSL_CTX_set_verify" as SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER,
> NULL). Whenever the incoming server certificate is invalid the
> application immediately aborts. How do I overcome this? I need to
> abort gracefully, calling "SSL_get_verify_result(ssl)!=X509_V_OK)" and
> other verification methods.

Just look at the SSL_CTX_set_verify() documentation on the callback function, for example from:
http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html#
The return value of verify_callback controls the strategy of the further verification process. If verify_callback returns 0, the verification process is immediately stopped with "verification failed" state. If SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and the TLS/SSL handshake is terminated. If verify_callback returns 1, the verification process is continued. If verify_callback always returns 1, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. The calling process can however retrieve the error code of the last verification error using SSL_get_verify_result(3) or by maintaining its own error storage managed by verify_callback.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]
